1. Field of the Invention
The present invention relates to a device and a method for authenticating a mobile device.
2. Description of the Related Art
In the technical field of IT security, verification of a claimed property of an entity, for instance, a communication partner, is called an authentication. The term authentication may also encompass the contribution made by the entity to be authenticated toward its authentication. Authentication may refer to the most diverse properties, particularly to the spatial position of the respective entity, and, in case of success, justifies its authorization, which may be, for example, the concession or delegation of certain authorizations to the entity that has been established as authentic.
In this connection, US Patent Application Publication No. 20110092185 A1 provides various systems and methods for location-based authentication of a mobile terminal unit. For this purpose, the concept is introduced of a central location token service (LTS), which forces a renewed authentication of the mobile device as soon as it moves away over a specified distance from the position of its last contact, within a certain time interval. For this purpose, the mobile device transmits a universally unique identifier (UUID), a user name, a telephone number as well as a password to the location token service, which uses these data for the duration of the user session, for identifying the mobile device as well as its user.
Such approaches, known from the related art, are met with understandable concerns from the perspective of data privacy laws particularly in the more recent past. In this respect, apart from great complexity and limited user-friendliness, the cited method is above all fraught with a great potential for misuse. Thus, the exchange of unique unit names and user names via the wireless and thus inherently insecure communication channel between the mobile device and the location token service, allows a conceivable attacker not only to identify a certain device, but even to track its movements over the entire duration of the user session. Consequently, such an approach opens, not only to the location token service itself, but even to unauthorized people, by way of data collection and data combination, the possibility of establishing complete movement profiles, which, in turn, allow for the tracking of position changes and possibly even actions of users, and thereby to monitor them.